
Deleted POST, GET ...

Visman hace 8 años
padre
commit
0f8cd197ac
Se han modificado 5 ficheros con 180 adiciones y 169 borrados
  1. 31 29
      post.php
  2. 76 72
      profile.php
  3. 22 21
      register.php
  4. 39 37
      search.php
  5. 12 10
      upfiles.php

+ 31 - 29
post.php

@@ -14,8 +14,10 @@ if ($pun_user['g_read_board'] == '0')
 	message($lang_common['No view'], false, '403 Forbidden');
 
 
-$tid = isset($_GET['tid']) ? intval($_GET['tid']) : 0;
-$fid = isset($_GET['fid']) ? intval($_GET['fid']) : 0;
+$request = $container->get('Request');
+
+$tid = $request->getInt('tid', 0);
+$fid = $request->getInt('fid', 0);
 if ($tid < 1 && $fid < 1 || $tid > 0 && $fid > 0)
 	message($lang_common['Bad request'], false, '404 Not Found');
 
@@ -68,12 +70,12 @@ $errors = array();
 
 
 // Did someone just hit "Submit" or "Preview"?
-if (isset($_POST['form_sent']))
+if ($request->isPost('form_sent'))
 {
 	flux_hook('post_before_validation');
 
 	// Flood protection
-	if (!isset($_POST['preview']) && $pun_user['last_post'] != '' && (time() - $pun_user['last_post']) < $pun_user['g_post_flood'])
+	if (! $request->isPost('preview') && $pun_user['last_post'] != '' && (time() - $pun_user['last_post']) < $pun_user['g_post_flood'])
 		$errors[] = sprintf($lang_post['Flood start'], $pun_user['g_post_flood'], $pun_user['g_post_flood'] - (time() - $pun_user['last_post']));
 
 	// Make sure they got here from the site
@@ -82,7 +84,7 @@ if (isset($_POST['form_sent']))
 	// If it's a new topic
 	if ($fid)
 	{
-		$subject = pun_trim($_POST['req_subject']);
+		$subject = trim($request->postStr('req_subject'));
 
 		if ($pun_config['o_censoring'] == '1')
 			$censored_subject = pun_trim(censor_words($subject));
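Review bot: Replacing `pun_trim($_POST['req_subject'])` with `trim($request->postStr('req_subject'))` is only safe if `postStr()` always returns a string, and that contract is not visible on this page. If this fork's `pun_trim()` matches upstream FluxBB, it returned an empty string for non-string input, so a request carrying `req_subject[]=x` or omitting the field was normalised; with bare `trim()` a null or array result would raise a deprecation notice or TypeError on current PHP before the length checks run. Either keep the wrapper, `$subject = pun_trim($request->postStr('req_subject', ''));`, or document on `postStr()` that it coerces missing and array values to `''`. The same substitution appears for `req_username` and `req_message` in the later post.php hunks and for the password, title and username fields in profile.php and register.php, while the e-mail lines keep `pun_trim()`, so the handling is now inconsistent. The enclosing `if ($fid)` block continues outside the hunk.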
@@ -106,8 +108,8 @@ if (isset($_POST['form_sent']))
 	// Otherwise it should be in $_POST
 	else
 	{
-		$username = pun_trim($_POST['req_username']);
-		$email = strtolower(pun_trim(($pun_config['p_force_guest_email'] == '1') ? $_POST['req_email'] : $_POST['email']));
+		$username = trim($request->postStr('req_username'));
+		$email = strtolower(pun_trim($request->postStr($pun_config['p_force_guest_email'] == '1' ? 'req_email' : 'email')));
 		$banned_email = false;
 
 		// Load the register.php/prof_reg.php language files
@@ -136,7 +138,7 @@ if (isset($_POST['form_sent']))
 	}
 
 	// Clean up message from POST
-	$orig_message = $message = pun_linebreaks(pun_trim($_POST['req_message']));
+	$orig_message = $message = pun_linebreaks(trim($request->postStr('req_message')));
 
 	// Here we use strlen() not pun_strlen() as we want to limit the post to PUN_MAX_POSTSIZE bytes, not characters
 	if (pun_strlen($message) > PUN_MAX_POSTSIZE)
@@ -165,9 +167,9 @@ if (isset($_POST['form_sent']))
 		}
 	}
 
-	$hide_smilies = isset($_POST['hide_smilies']) ? '1' : '0';
-	$subscribe = isset($_POST['subscribe']) ? '1' : '0';
-	$stick_topic = isset($_POST['stick_topic']) && $is_admmod ? '1' : '0';
+	$hide_smilies = $request->isPost('hide_smilies') ? '1' : '0';
+	$subscribe = $request->isPost('subscribe') ? '1' : '0';
+	$stick_topic = $request->isPost('stick_topic') && $is_admmod ? '1' : '0';
 
 	// Replace four-byte characters (MySQL cannot handle them)
 	$message = strip_bad_multibyte_chars($message);
@@ -181,12 +183,12 @@ if (isset($_POST['form_sent']))
 	flux_hook('post_after_validation');
 
 	// Did everything go according to plan?
-	if (empty($errors) && !isset($_POST['preview']))
+	if (empty($errors) && ! $request->isPost('preview'))
 	{
 		require PUN_ROOT.'include/search_idx.php';
 
 // START Merge Post
-		if (isset($pun_config['o_merge_timeout']) && !$pun_user['is_guest'] && !$fid && (($is_admmod && !empty($_POST['merge'])) || !$is_admmod) && $cur_posting['poster_id']!=NULL && $cur_posting['message']!=NULL && ($now - $cur_posting['posted'])<$pun_config['o_merge_timeout'] && (pun_strlen($cur_posting['message'].$message) + 100 < PUN_MAX_POSTSIZE))
+		if (isset($pun_config['o_merge_timeout']) && !$pun_user['is_guest'] && !$fid && (($is_admmod && $request->isPost('merge')) || !$is_admmod) && $cur_posting['poster_id']!=NULL && $cur_posting['message']!=NULL && ($now - $cur_posting['posted'])<$pun_config['o_merge_timeout'] && (pun_strlen($cur_posting['message'].$message) + 100 < PUN_MAX_POSTSIZE))
 		{
 			$message= '[after='.($now - $cur_posting['posted']).']'."\n".$message;
 			$merged = true;
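Review bot: In the merge condition, `!empty($_POST['merge'])` became `$request->isPost('merge')`, which, judging by its use elsewhere in this commit as a replacement for `isset()`, tests presence rather than a non-empty value. A moderator request carrying `merge=` or `merge=0` previously skipped the merge and would now trigger it. If the old behaviour is intended, keep a value test such as `$request->postInt('merge', 0) > 0`, or add a comment stating that presence alone is the signal. The `if` body continues outside the hunk.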
@@ -327,7 +329,7 @@ if (isset($_POST['form_sent']))
 		// If it's a new topic
 		else if ($fid)
 		{
-			$stick_fp = ($is_admmod && isset($_POST['stickfp'])) ? 1 : 0; // StickFP - Visman
+			$stick_fp = ($is_admmod && $request->isPost('stickfp')) ? 1 : 0; // StickFP - Visman
 			// Create the topic
 			$db->query('INSERT INTO '.$db->prefix.'topics (stick_fp, poster, subject, posted, last_post, last_poster, sticky, forum_id) VALUES('.$stick_fp.', \''.$db->escape($username).'\', \''.$db->escape($subject).'\', '.$now.', '.$now.', \''.$db->escape($username).'\', '.$stick_topic.', '.$fid.')') or error('Unable to create topic', __FILE__, __LINE__, $db->error());
 			$new_tid = $db->insert_id();
@@ -502,9 +504,9 @@ if ($tid)
 	$form = '<form id="post" method="post" action="post.php?action=post&amp;tid='.$tid.'" onsubmit="this.submit.disabled=true;if(process_form(this)){return true;}else{this.submit.disabled=false;return false;}">';
 
 	// If a quote ID was specified in the url
-	if (isset($_GET['qid']))
+	if ($request->isGet('qid'))
 	{
-		$qid = intval($_GET['qid']);
+		$qid = $request->getInt('qid', 0);
 		if ($qid < 1)
 			message($lang_common['Bad request'], false, '404 Not Found');
 
@@ -608,7 +610,7 @@ require PUN_ROOT.'header.php';
 		<ul class="crumbs">
 			<li><a href="index.php"><?php echo $lang_common['Index'] ?></a></li>
 			<li><span>»&#160;</span><a href="viewforum.php?id=<?php echo $cur_posting['id'] ?>"><?php echo pun_htmlspecialchars($cur_posting['forum_name']) ?></a></li>
-<?php if (isset($_POST['req_subject'])): ?>			<li><span>»&#160;</span><?php echo pun_htmlspecialchars($_POST['req_subject']) ?></li>
+<?php if ($request->isPost('req_subject')): ?>			<li><span>»&#160;</span><?php echo pun_htmlspecialchars($request->postStr('req_subject', '')) ?></li>
 <?php endif; ?>
 <?php if (isset($cur_posting['subject'])): ?>			<li><span>»&#160;</span><a href="viewtopic.php?id=<?php echo $tid ?>"><?php echo pun_htmlspecialchars($cur_posting['subject']) ?></a></li>
 <?php endif; ?>			<li><span>»&#160;</span><strong><?php echo $action ?></strong></li>
@@ -642,7 +644,7 @@ if (!empty($errors))
 <?php
 
 }
-else if (isset($_POST['preview']))
+else if ($request->isPost('preview'))
 {
 	require_once PUN_ROOT.'include/parser.php';
 	$preview_message = parse_message($message, $hide_smilies);
@@ -689,18 +691,18 @@ if ($pun_user['is_guest'])
 	$email_form_name = ($pun_config['p_force_guest_email'] == '1') ? 'req_email' : 'email';
 
 ?>
-						<label class="conl required"><strong><?php echo $lang_post['Guest name'] ?> <span><?php echo $lang_common['Required'] ?></span></strong><br /><input type="text" name="req_username" value="<?php if (isset($_POST['req_username'])) echo pun_htmlspecialchars($username); ?>" size="25" maxlength="25" tabindex="<?php echo $cur_index++ ?>" /><br /></label>
-						<label class="conl<?php echo ($pun_config['p_force_guest_email'] == '1') ? ' required' : '' ?>"><?php echo $email_label ?><br /><input type="text" name="<?php echo $email_form_name ?>" value="<?php if (isset($_POST[$email_form_name])) echo pun_htmlspecialchars($email); ?>" size="50" maxlength="80" tabindex="<?php echo $cur_index++ ?>" /><br /></label>
+						<label class="conl required"><strong><?php echo $lang_post['Guest name'] ?> <span><?php echo $lang_common['Required'] ?></span></strong><br /><input type="text" name="req_username" value="<?php if ($request->isPost('req_username')) echo pun_htmlspecialchars($username); ?>" size="25" maxlength="25" tabindex="<?php echo $cur_index++ ?>" /><br /></label>
+						<label class="conl<?php echo ($pun_config['p_force_guest_email'] == '1') ? ' required' : '' ?>"><?php echo $email_label ?><br /><input type="text" name="<?php echo $email_form_name ?>" value="<?php if ($request->isPost($email_form_name)) echo pun_htmlspecialchars($email); ?>" size="50" maxlength="80" tabindex="<?php echo $cur_index++ ?>" /><br /></label>
 						<div class="clearer"></div>
 <?php
 
 }
 
 if ($fid): ?>
-						<label class="required"><strong><?php echo $lang_common['Subject'] ?> <span><?php echo $lang_common['Required'] ?></span></strong><br /><input class="longinput" type="text" name="req_subject" value="<?php if (isset($_POST['req_subject'])) echo pun_htmlspecialchars($subject); ?>" size="80" maxlength="70" tabindex="<?php echo $cur_index++ ?>" /><br /></label>
+						<label class="required"><strong><?php echo $lang_common['Subject'] ?> <span><?php echo $lang_common['Required'] ?></span></strong><br /><input class="longinput" type="text" name="req_subject" value="<?php if ($request->isPost('req_subject')) echo pun_htmlspecialchars($subject); ?>" size="80" maxlength="70" tabindex="<?php echo $cur_index++ ?>" /><br /></label>
 <?php endif; ?>
 						<label class="required"><strong><?php echo $lang_common['Message'] ?> <span><?php echo $lang_common['Required'] ?></span></strong><br />
-						<textarea name="req_message" rows="20" cols="95" tabindex="<?php echo $cur_index++ ?>"><?php echo isset($_POST['req_message']) ? pun_htmlspecialchars($orig_message) : (isset($quote) ? $quote : ''); ?></textarea><br /></label>
+						<textarea name="req_message" rows="20" cols="95" tabindex="<?php echo $cur_index++ ?>"><?php echo $request->isPost('req_message') ? pun_htmlspecialchars($orig_message) : (isset($quote) ? $quote : ''); ?></textarea><br /></label>
 						<ul class="bblinks">
 							<li><span><a href="help.php#bbcode" onclick="window.open(this.href); return false;"><?php echo $lang_common['BBCode'] ?></a> <?php echo ($pun_config['p_message_bbcode'] == '1') ? $lang_common['on'] : $lang_common['off']; ?></span></li>
 							<li><span><a href="help.php#url" onclick="window.open(this.href); return false;"><?php echo $lang_common['url tag'] ?></a> <?php echo ($pun_config['p_message_bbcode'] == '1' && $pun_user['g_post_links'] == '1') ? $lang_common['on'] : $lang_common['off']; ?></span></li>
@@ -713,20 +715,20 @@ if ($fid): ?>
 
 $checkboxes = array();
 if ($fid && $is_admmod)
-	$checkboxes[] = '<label><input type="checkbox" name="stick_topic" value="1" tabindex="'.($cur_index++).'"'.(isset($_POST['stick_topic']) ? ' checked="checked"' : '').' />'.$lang_common['Stick topic'].'<br /></label>';
+	$checkboxes[] = '<label><input type="checkbox" name="stick_topic" value="1" tabindex="'.($cur_index++).'"'.($request->isPost('stick_topic') ? ' checked="checked"' : '').' />'.$lang_common['Stick topic'].'<br /></label>';
 
 if (!$pun_user['is_guest'])
 {
 	if ($pun_config['o_smilies'] == '1')
-		$checkboxes[] = '<label><input type="checkbox" name="hide_smilies" value="1" tabindex="'.($cur_index++).'"'.(isset($_POST['hide_smilies']) ? ' checked="checked"' : '').' />'.$lang_post['Hide smilies'].'<br /></label>';
+		$checkboxes[] = '<label><input type="checkbox" name="hide_smilies" value="1" tabindex="'.($cur_index++).'"'.($request->isPost('hide_smilies') ? ' checked="checked"' : '').' />'.$lang_post['Hide smilies'].'<br /></label>';
 
 	if ($pun_config['o_topic_subscriptions'] == '1')
 	{
 		$subscr_checked = false;
 
 		// If it's a preview
-		if (isset($_POST['preview']))
-			$subscr_checked = isset($_POST['subscribe']) ? true : false;
+		if ($request->isPost('preview'))
+			$subscr_checked = $request->isPost('subscribe') ? true : false;
 		// If auto subscribed
 		else if ($pun_user['auto_notify'])
 			$subscr_checked = true;
@@ -738,12 +740,12 @@ if (!$pun_user['is_guest'])
 	}
 
 	if ($is_admmod && !$fid) // Merge mod - Visman
-		$checkboxes[] = '<label><input type="checkbox" name="merge" value="1" tabindex="'.($cur_index++).'"'.((isset($_POST['merge']) || (!isset($_POST['merge']) && !isset($_POST['form_sent']))) ? ' checked="checked"' : '').' />'.$lang_post['Merge posts'].'<br /></label>';
+		$checkboxes[] = '<label><input type="checkbox" name="merge" value="1" tabindex="'.($cur_index++).'"'.(($request->isPost('merge') || (! $request->isPost('merge') && ! $request->isPost('form_sent'))) ? ' checked="checked"' : '').' />'.$lang_post['Merge posts'].'<br /></label>';
 	if ($is_admmod && $fid) // StickFP - Visman
-		$checkboxes[] = '<label><input type="checkbox" name="stickfp" value="1" tabindex="'.($cur_index++).'"'.((isset($_POST['stickfp'])) ? ' checked="checked"' : '').' />'.$lang_post['Stick first post'].'<br /></label>';
+		$checkboxes[] = '<label><input type="checkbox" name="stickfp" value="1" tabindex="'.($cur_index++).'"'.($request->isPost('stickfp') ? ' checked="checked"' : '').' />'.$lang_post['Stick first post'].'<br /></label>';
 }
 else if ($pun_config['o_smilies'] == '1')
-		$checkboxes[] = '<label><input type="checkbox" name="hide_smilies" value="1" tabindex="'.($cur_index++).'"'.(isset($_POST['hide_smilies']) ? ' checked="checked"' : '').' />'.$lang_post['Hide smilies'].'<br /></label>';
+		$checkboxes[] = '<label><input type="checkbox" name="hide_smilies" value="1" tabindex="'.($cur_index++).'"'.($request->isPost('hide_smilies') ? ' checked="checked"' : '').' />'.$lang_post['Hide smilies'].'<br /></label>';
 
 if (!empty($checkboxes))
 {

+ 76 - 72
profile.php

@@ -14,13 +14,15 @@ require PUN_ROOT.'include/utf8/substr_replace.php';
 require PUN_ROOT.'include/utf8/ucwords.php'; // utf8_ucwords needs utf8_substr_replace
 require PUN_ROOT.'include/utf8/strcasecmp.php';
 
-$action = isset($_GET['action']) ? $_GET['action'] : null;
-$section = isset($_GET['section']) ? $_GET['section'] : null;
-$id = isset($_GET['id']) ? intval($_GET['id']) : 0;
+$request = $container->get('Request');
+
+$action = $request->getStr('action');
+$section = $request->getStr('section');
+$id = $request->getInt('id', 0);
 if ($id < 2)
 	message($lang_common['Bad request'], false, '404 Not Found');
 
-if ($action != 'change_pass' || !isset($_GET['key']))
+if ($action !== 'change_pass' || ! $request->isGet('key'))
 {
 	if ($pun_user['g_read_board'] == '0')
 		message($lang_common['No view'], false, '403 Forbidden');
@@ -38,9 +40,9 @@ require PUN_ROOT.'lang/'.$pun_user['language'].'/profile.php';
 // Load the Genders Integration mod language file
 require PUN_ROOT.'lang/'.$pun_user['language'].'/genders_integration.php';
 
-if ($action == 'change_pass')
+if ($action === 'change_pass')
 {
-	if (isset($_GET['key']))
+	if ($request->isGet('key'))
 	{
 		// If the user is already logged in we shouldn't be here :)
 		if (!$pun_user['is_guest'])
@@ -49,7 +51,7 @@ if ($action == 'change_pass')
 			exit;
 		}
 
-		$key = $_GET['key'];
+		$key = $request->getStr('key', '');
 
 		$result = $db->query('SELECT * FROM '.$db->prefix.'users WHERE id='.$id) or error('Unable to fetch new password', __FILE__, __LINE__, $db->error());
 		$cur_user = $db->fetch_assoc($result);
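Review bot: `$key` now falls back to `''` whenever `getStr()` cannot return a string, while the guard above only tests `isGet('key')`, so presence and value can disagree (for example an array-valued `key`, assuming `getStr()` rejects arrays). The comparison against the stored activation key sits below this hunk and is not visible here; it must reject an empty `$key` explicitly, otherwise an account whose `activate_key` is empty or NULL could match under a loose comparison. A guard such as `if ($key === '') message($lang_common['Bad request'], false, '404 Not Found');` right after the assignment makes that independent of the later code. The same applies to the `change_email` hunk that assigns `$key` the same way.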
@@ -82,14 +84,14 @@ if ($action == 'change_pass')
 		}
 	}
 
-	if (isset($_POST['form_sent']))
+	if ($request->isPost('form_sent'))
 	{
 		// Make sure they got here from the site
 		confirm_referrer('profile.php');
 
-		$old_password = isset($_POST['req_old_password']) ? pun_trim($_POST['req_old_password']) : '';
-		$new_password1 = pun_trim($_POST['req_new_password1']);
-		$new_password2 = pun_trim($_POST['req_new_password2']);
+		$old_password = trim($request->postStr('req_old_password'));
+		$new_password1 = trim($request->postStr('req_new_password1'));
+		$new_password2 = trim($request->postStr('req_new_password2'));
 
 		if ($new_password1 != $new_password2)
 			message($lang_prof_reg['Pass not match']);
@@ -159,7 +161,7 @@ if ($action == 'change_pass')
 }
 
 
-else if ($action == 'change_email')
+else if ($action === 'change_email')
 {
 	// Make sure we are allowed to change this user's email
 	if ($pun_user['id'] != $id)
@@ -179,9 +181,9 @@ else if ($action == 'change_email')
 		}
 	}
 
-	if (isset($_GET['key']))
+	if ($request->isGet('key'))
 	{
-		$key = $_GET['key'];
+		$key = $request->getStr('key', '');
 
 		$result = $db->query('SELECT activate_string, activate_key FROM '.$db->prefix.'users WHERE id='.$id) or error('Unable to fetch activation data', __FILE__, __LINE__, $db->error());
 		list($new_email, $new_email_key) = $db->fetch_row($result);
@@ -195,9 +197,9 @@ else if ($action == 'change_email')
 			message($lang_profile['Email updated'], true);
 		}
 	}
-	else if (isset($_POST['form_sent']))
+	else if ($request->isPost('form_sent'))
 	{
-		if (pun_hash($_POST['req_password']) !== $pun_user['password'])
+		if (pun_hash($request->postStr('req_password','')) !== $pun_user['password'])
 			message($lang_profile['Wrong pass']);
 
 		// Make sure they got here from the site
@@ -206,7 +208,7 @@ else if ($action == 'change_email')
 		require PUN_ROOT.'include/email.php';
 
 		// Validate the email address
-		$new_email = strtolower(pun_trim($_POST['req_new_email']));
+		$new_email = strtolower(pun_trim($request->postStr('req_new_email')));
 		if (!is_valid_email($new_email))
 			message($lang_common['Invalid email']);
 
@@ -318,7 +320,7 @@ else if ($action == 'change_email')
 }
 
 
-else if ($action == 'upload_avatar' || $action == 'upload_avatar2')
+else if ($action === 'upload_avatar' || $action === 'upload_avatar2')
 {
 	if ($pun_config['o_avatars'] == '0')
 		message($lang_profile['Avatars disabled']);
@@ -328,7 +330,7 @@ else if ($action == 'upload_avatar' || $action == 'upload_avatar2')
 		
 	require PUN_ROOT.'include/upload.php'; // Visman - auto resize avatar
 
-	if (isset($_POST['form_sent']))
+	if ($request->isPost('form_sent'))
 	{
 		if (!isset($_FILES['req_file']))
 			message($lang_profile['No file']);
@@ -465,7 +467,7 @@ else if ($action == 'upload_avatar' || $action == 'upload_avatar2')
 }
 
 
-else if ($action == 'delete_avatar')
+else if ($action === 'delete_avatar')
 {
 	if ($pun_user['id'] != $id && !$pun_user['is_admmod'])
 		message($lang_common['No permission'], false, '403 Forbidden');
@@ -478,14 +480,14 @@ else if ($action == 'delete_avatar')
 }
 
 
-else if (isset($_POST['update_group_membership']))
+else if ($request->isPost('update_group_membership'))
 {
 	if ($pun_user['g_id'] > PUN_ADMIN)
 		message($lang_common['No permission'], false, '403 Forbidden');
 
 	confirm_referrer('profile.php');
 
-	$new_group_id = intval($_POST['group_id']);
+	$new_group_id = $request->postInt('group_id', 0);
 
 	$result = $db->query('SELECT group_id FROM '.$db->prefix.'users WHERE id='.$id) or error('Unable to fetch user group', __FILE__, __LINE__, $db->error());
 	$old_group_id = $db->result($result);
@@ -528,7 +530,7 @@ else if (isset($_POST['update_group_membership']))
 }
 
 
-else if (isset($_POST['update_forums']))
+else if ($request->isPost('update_forums'))
 {
 	if ($pun_user['g_id'] > PUN_ADMIN)
 		message($lang_common['No permission'], false, '403 Forbidden');
@@ -539,7 +541,7 @@ else if (isset($_POST['update_forums']))
 	$result = $db->query('SELECT username FROM '.$db->prefix.'users WHERE id='.$id) or error('Unable to fetch user info', __FILE__, __LINE__, $db->error());
 	$username = $db->result($result);
 
-	$moderator_in = (isset($_POST['moderator_in'])) ? array_keys($_POST['moderator_in']) : array();
+	$moderator_in = array_keys($request->post('moderator_in', array());
 
 	// Loop through all forums
 	$result = $db->query('SELECT id, moderators FROM '.$db->prefix.'forums') or error('Unable to fetch forum list', __FILE__, __LINE__, $db->error());
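Review bot: The new `$moderator_in` line is missing a closing parenthesis: `array_keys($request->post('moderator_in', array());` opens three and closes two, so profile.php will fail to parse and every profile action, including password and e-mail changes, becomes unavailable. It should read `$moderator_in = array_keys($request->post('moderator_in', array()));`. Separately, a scalar `moderator_in=1` would reach `array_keys()` as a string unless `post()` enforces an array, which is not visible here; an `is_array()` check before `array_keys()` would close that. The `update_forums` branch continues outside the hunk.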
@@ -569,7 +571,7 @@ else if (isset($_POST['update_forums']))
 }
 
 
-else if (isset($_POST['ban']))
+else if ($request->isPost('ban'))
 {
 	if ($pun_user['g_id'] != PUN_ADMIN && ($pun_user['g_moderator'] != '1' || $pun_user['g_mod_ban_users'] == '0'))
 		message($lang_common['No permission'], false, '403 Forbidden');
@@ -590,14 +592,14 @@ else if (isset($_POST['ban']))
 }
 
 
-else if ($action == 'promote')
+else if ($action === 'promote')
 {
 	if ($pun_user['g_id'] != PUN_ADMIN && ($pun_user['g_moderator'] != '1' || $pun_user['g_mod_promote_users'] == '0'))
 		message($lang_common['No permission'], false, '403 Forbidden');
 
 	confirm_referrer('viewtopic.php');
 
-	$pid = isset($_GET['pid']) ? intval($_GET['pid']) : 0;
+	$pid = $request->getInt('pid', 0);
 
 	$sql = 'SELECT g.g_promote_next_group FROM '.$db->prefix.'groups AS g INNER JOIN '.$db->prefix.'users AS u ON u.group_id=g.g_id WHERE u.id='.$id.' AND g.g_promote_next_group>0';
 	$result = $db->query($sql) or error('Unable to fetch promotion information', __FILE__, __LINE__, $db->error());
@@ -612,7 +614,7 @@ else if ($action == 'promote')
 }
 
 
-else if (isset($_POST['delete_user']) || isset($_POST['delete_user_comply']))
+else if ($request->isPost('delete_user') || $request->isPost('delete_user_comply'))
 {
 	if ($pun_user['g_id'] > PUN_ADMIN)
 		message($lang_common['No permission'], false, '403 Forbidden');
@@ -626,7 +628,7 @@ else if (isset($_POST['delete_user']) || isset($_POST['delete_user_comply']))
 	if ($group_id == PUN_ADMIN)
 		message($lang_profile['No delete admin message']);
 
-	if (isset($_POST['delete_user_comply']))
+	if ($request->isPost('delete_user_comply'))
 	{
 		// If the user is a moderator or an administrator, we remove him/her from the moderator list in all forums as well
 		$result = $db->query('SELECT g_moderator FROM '.$db->prefix.'groups WHERE g_id='.$group_id) or error('Unable to fetch group', __FILE__, __LINE__, $db->error());
@@ -658,7 +660,7 @@ else if (isset($_POST['delete_user']) || isset($_POST['delete_user_comply']))
 		$db->query('DELETE FROM '.$db->prefix.'online WHERE user_id='.$id) or error('Unable to remove user from online list', __FILE__, __LINE__, $db->error());
 
 		// Should we delete all posts made by this user?
-		if (isset($_POST['delete_posts']))
+		if ($request->isPost('delete_posts'))
 		{
 			require PUN_ROOT.'include/search_idx.php';
 			@set_time_limit(0);
@@ -741,7 +743,7 @@ else if (isset($_POST['delete_user']) || isset($_POST['delete_user_comply']))
 }
 
 
-else if (isset($_POST['form_sent']))
+else if ($request->isPost('form_sent'))
 {
 	// Fetch the user group of the user we are editing
 	$result = $db->query('SELECT u.username, u.group_id, g.g_moderator FROM '.$db->prefix.'users AS u LEFT JOIN '.$db->prefix.'groups AS g ON (g.g_id=u.group_id) WHERE u.id='.$id) or error('Unable to fetch user info', __FILE__, __LINE__, $db->error());
@@ -763,23 +765,25 @@ else if (isset($_POST['form_sent']))
 
 	$username_updated = false;
 
+	$data = $request->post('form', array());
+
 	// Validate input depending on section
 	switch ($section)
 	{
 		case 'essentials':
 		{
 			$form = array(
-				'timezone'		=> floatval($_POST['form']['timezone']),
-				'dst'			=> isset($_POST['form']['dst']) ? '1' : '0',
-				'time_format'	=> intval($_POST['form']['time_format']),
-				'date_format'	=> intval($_POST['form']['date_format']),
+				'timezone'		=> floatval($data['timezone']),
+				'dst'			=> isset($data['dst']) ? '1' : '0',
+				'time_format'	=> intval($data['time_format']),
+				'date_format'	=> intval($data['date_format']),
 			);
 
 			// Make sure we got a valid language string
-			if (isset($_POST['form']['language']))
+			if (isset($data['language']))
 			{
 				$languages = forum_list_langs();
-				$form['language'] = pun_trim($_POST['form']['language']);
+				$form['language'] = pun_trim($data['language']);
 				if (!in_array($form['language'], $languages))
 					message($lang_common['Bad request'], false, '404 Not Found');
 			}
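Review bot: `$data = $request->post('form', array());` is indexed as an array throughout the `switch`, but nothing visible guarantees that the posted `form` value is an array. A request with `form=x` turns `$data['timezone']` into a string-offset access, and fields such as `$data['time_format']` are read without an `isset()` check, so a malformed or partial form raises warnings or a TypeError (depending on the PHP version) before validation runs. Adding `if (!is_array($data)) $data = array();` after the assignment and defaulting the unguarded reads, e.g. `intval(isset($data['time_format']) ? $data['time_format'] : 0)`, keeps bad input on the normal validation path. The `switch` continues outside the hunk.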
@@ -788,12 +792,12 @@ else if (isset($_POST['form_sent']))
 
 			if ($pun_user['is_admmod'])
 			{
-				$form['admin_note'] = pun_trim($_POST['admin_note']);
+				$form['admin_note'] = trim($request->postStr('admin_note'));
 
 				// Are we allowed to change usernames?
 				if ($pun_user['g_id'] == PUN_ADMIN || ($pun_user['g_moderator'] == '1' && $pun_user['g_mod_rename_users'] == '1'))
 				{
-					$form['username'] = pun_trim($_POST['req_username']);
+					$form['username'] = trim($request->postStr('req_username'));
 
 					if ($form['username'] != $old_username)
 					{
@@ -811,7 +815,7 @@ else if (isset($_POST['form_sent']))
 
 				// We only allow administrators to update the post count
 				if ($pun_user['g_id'] == PUN_ADMIN)
-					$form['num_posts'] = intval($_POST['num_posts']);
+					$form['num_posts'] = $request->postInt('num_posts', 0); //????
 			}
 
 			if ($pun_config['o_regs_verify'] == '0' || $pun_user['is_admmod'])
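Review bot: The trailing `//????` on the `num_posts` line records an open question without saying what it is; it should be resolved or spelled out before merge. What the visible code shows is that an administrator saving the essentials section without a `num_posts` field stores the default `0`, and nothing here rejects a negative value. Consider assigning only when the field is present, `if ($request->isPost('num_posts')) $form['num_posts'] = max(0, $request->postInt('num_posts', 0));`, and replacing the marker with a comment that states the intended default. The surrounding `if ($pun_user['is_admmod'])` block starts outside the hunk.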
@@ -819,7 +823,7 @@ else if (isset($_POST['form_sent']))
 				require PUN_ROOT.'include/email.php';
 
 				// Validate the email address
-				$form['email'] = strtolower(pun_trim($_POST['req_email']));
+				$form['email'] = strtolower(pun_trim($request->postStr('req_email')));
 				if (!is_valid_email($form['email']))
 					message($lang_common['Invalid email']);
 			}
@@ -830,10 +834,10 @@ else if (isset($_POST['form_sent']))
 		case 'personal':
 		{
 			$form = array(
-				'realname'		=> isset($_POST['form']['realname']) ? pun_trim($_POST['form']['realname']) : '',
-				'gender'		=> isset($_POST['form']['gender']) ? pun_trim($_POST['form']['gender']) : '', // мод пола - Visman
-				'url'			=> isset($_POST['form']['url']) ? pun_trim($_POST['form']['url']) : '',
-				'location'		=> isset($_POST['form']['location']) ? pun_trim($_POST['form']['location']) : '',
+				'realname'		=> isset($data['realname']) ? pun_trim($data['realname']) : '',
+				'gender'		=> isset($data['gender']) ? pun_trim($data['gender']) : '', // мод пола - Visman
+				'url'			=> isset($data['url']) ? pun_trim($data['url']) : '',
+				'location'		=> isset($data['location']) ? pun_trim($data['location']) : '',
 			);
 
 			// Add http:// if the URL doesn't contain it already (while allowing https://, too)
@@ -858,10 +862,10 @@ else if (isset($_POST['form_sent']))
 			}
 
 			if ($pun_user['g_id'] == PUN_ADMIN)
-				$form['title'] = pun_trim($_POST['title']);
+				$form['title'] = trim($request->postStr('title'));
 			else if ($pun_user['g_set_title'] == '1')
 			{
-				$form['title'] = pun_trim($_POST['title']);
+				$form['title'] = trim($request->postStr('title'));
 
 				if ($form['title'] != '')
 				{
@@ -880,11 +884,11 @@ else if (isset($_POST['form_sent']))
 		case 'messaging':
 		{
 			$form = array(
-				'jabber'		=> pun_trim($_POST['form']['jabber']),
-				'icq'			=> pun_trim($_POST['form']['icq']),
-				'msn'			=> pun_trim($_POST['form']['msn']),
-				'aim'			=> pun_trim($_POST['form']['aim']),
-				'yahoo'			=> pun_trim($_POST['form']['yahoo']),
+				'jabber'		=> pun_trim($data['jabber']),
+				'icq'			=> pun_trim($data['icq']),
+				'msn'			=> pun_trim($data['msn']),
+				'aim'			=> pun_trim($data['aim']),
+				'yahoo'			=> pun_trim($data['yahoo']),
 			);
 
 			// If the ICQ UIN contains anything other than digits it's invalid
@@ -901,7 +905,7 @@ else if (isset($_POST['form_sent']))
 			// Clean up signature from POST
 			if ($pun_config['o_signatures'] == '1')
 			{
-				$form['signature'] = pun_linebreaks(pun_trim($_POST['signature']));
+				$form['signature'] = pun_linebreaks(pun_trim($request->postStr('signature')));
 
 				// Validate signature
 				if (pun_strlen($form['signature']) > $pun_config['p_sig_length'])
@@ -931,8 +935,8 @@ else if (isset($_POST['form_sent']))
 		case 'display':
 		{
 			$form = array(
-				'disp_topics'		=> pun_trim($_POST['form']['disp_topics']),
-				'disp_posts'		=> pun_trim($_POST['form']['disp_posts']),
+				'disp_topics'		=> pun_trim($data['disp_topics']),
+				'disp_posts'		=> pun_trim($data['disp_posts']),
 			);
 
 			if ($form['disp_topics'] != '')
@@ -954,25 +958,25 @@ else if (isset($_POST['form_sent']))
 			}
 
 			if ($pun_config['o_smilies'] == '1' || $pun_config['o_smilies_sig'] == '1')
-				$form['show_smilies'] = isset($_POST['form']['show_smilies']) ? '1' : '0';
+				$form['show_smilies'] = isset($data['show_smilies']) ? '1' : '0';
 
 			if ($pun_config['p_message_bbcode'] == '1' && $pun_config['p_message_img_tag'] == '1')
-				$form['show_img'] = isset($_POST['form']['show_img']) ? '1' : '0';
+				$form['show_img'] = isset($data['show_img']) ? '1' : '0';
 
 			if ($pun_config['o_signatures'] == '1' && $pun_config['p_sig_bbcode'] == '1' && $pun_config['p_sig_img_tag'] == '1')
-				$form['show_img_sig'] = isset($_POST['form']['show_img_sig']) ? '1' : '0';
+				$form['show_img_sig'] = isset($data['show_img_sig']) ? '1' : '0';
 
 			if ($pun_config['o_avatars'] == '1')
-				$form['show_avatars'] = isset($_POST['form']['show_avatars']) ? '1' : '0';
+				$form['show_avatars'] = isset($data['show_avatars']) ? '1' : '0';
 
 			if ($pun_config['o_signatures'] == '1')
-				$form['show_sig'] = isset($_POST['form']['show_sig']) ? '1' : '0';
+				$form['show_sig'] = isset($data['show_sig']) ? '1' : '0';
 
 			// Make sure we got a valid style string
-			if (isset($_POST['form']['style']))
+			if (isset($data['style']))
 			{
 				$styles = forum_list_styles();
-				$form['style'] = pun_trim($_POST['form']['style']);
+				$form['style'] = pun_trim($data['style']);
 				if (!in_array($form['style'], $styles))
 					message($lang_common['Bad request'], false, '404 Not Found');
 			}
@@ -983,9 +987,9 @@ else if (isset($_POST['form_sent']))
 		case 'privacy':
 		{
 			$form = array(
-				'email_setting'			=> intval($_POST['form']['email_setting']),
-				'notify_with_post'		=> isset($_POST['form']['notify_with_post']) ? '1' : '0',
-				'auto_notify'			=> isset($_POST['form']['auto_notify']) ? '1' : '0',
+				'email_setting'			=> intval($data['email_setting']),
+				'notify_with_post'		=> isset($data['notify_with_post']) ? '1' : '0',
+				'auto_notify'			=> isset($data['auto_notify']) ? '1' : '0',
 			);
 
 			if ($form['email_setting'] < 0 || $form['email_setting'] > 2)
@@ -1307,7 +1311,7 @@ if ($pun_user['id'] != $id &&																	// If we aren't the user (i.e. edi
 }
 else
 {
-	if (!$section || $section == 'essentials')
+	if (!$section || $section === 'essentials')
 	{
 		if ($pun_user['is_admmod'])
 		{
@@ -1523,7 +1527,7 @@ else
 <?php
 
 	}
-	else if ($section == 'personal')
+	else if ($section === 'personal')
 	{
 		if ($pun_user['g_set_title'] == '1')
 			$title_field = '<label>'.$lang_common['Title'].' <em>('.$lang_profile['Leave blank'].')</em><br /><input type="text" name="title" value="'.pun_htmlspecialchars($user['title']).'" size="30" maxlength="50" /><br /></label>'."\n";
@@ -1565,7 +1569,7 @@ else
 <?php
 
 	}
-	else if ($section == 'messaging')
+	else if ($section === 'messaging')
 	{
 
 		$page_title = array(pun_htmlspecialchars($pun_config['o_board_title']), $lang_common['Profile'], $lang_profile['Section messaging']);
@@ -1600,7 +1604,7 @@ else
 <?php
 
 	}
-	else if ($section == 'personality')
+	else if ($section === 'personality')
 	{
 		if ($pun_config['o_avatars'] == '0' && $pun_config['o_signatures'] == '0')
 			message($lang_common['Bad request'], false, '404 Not Found');
@@ -1667,7 +1671,7 @@ else
 <?php
 
 	}
-	else if ($section == 'display')
+	else if ($section === 'display')
 	{
 		$page_title = array(pun_htmlspecialchars($pun_config['o_board_title']), $lang_common['Profile'], $lang_profile['Section display']);
 		define('PUN_ACTIVE_PAGE', 'profile');
@@ -1754,7 +1758,7 @@ else
 <?php
 
 	}
-	else if ($section == 'privacy')
+	else if ($section === 'privacy')
 	{
 		$page_title = array(pun_htmlspecialchars($pun_config['o_board_title']), $lang_common['Profile'], $lang_profile['Section privacy']);
 		define('PUN_ACTIVE_PAGE', 'profile');
@@ -1801,7 +1805,7 @@ else
 <?php
 
 	}
-	else if ($section == 'admin')
+	else if ($section === 'admin')
 	{
 		if (!$pun_user['is_admmod'] || ($pun_user['g_moderator'] == '1' && $pun_user['g_mod_ban_users'] == '0'))
 			message($lang_common['Bad request'], false, '403 Forbidden');

+ 22 - 21
register.php

@@ -26,13 +26,14 @@ require PUN_ROOT.'lang/'.$pun_user['language'].'/prof_reg.php';
 if ($pun_config['o_regs_allow'] == '0')
 	message($lang_register['No new regs']);
 
+$request = $container->get('Request');
 
 // User pressed the cancel button
-if (isset($_GET['cancel']))
+if ($request->isGet('cancel'))
 	redirect('index.php', $lang_register['Reg cancel redirect']);
 
 
-else if ($pun_config['o_rules'] == '1' && !isset($_GET['agree']) && !isset($_POST['form_sent']))
+else if ($pun_config['o_rules'] == '1' && ! $request->isGet('agree') && ! $request->isPost('form_sent'))
 {
 	$page_title = array(pun_htmlspecialchars($pun_config['o_board_title']), $lang_register['Register'], $lang_register['Forum rules']);
 	define('PUN_ACTIVE_PAGE', 'register');
@@ -63,7 +64,7 @@ else if ($pun_config['o_rules'] == '1' && !isset($_GET['agree']) && !isset($_POS
 // Start with a clean slate
 $errors = array();
 
-if (isset($_POST['form_sent']))
+if ($request->isPost('form_sent'))
 {
 	flux_hook('register_before_validation');
 
@@ -74,20 +75,20 @@ if (isset($_POST['form_sent']))
 		message($lang_register['Registration flood']);
 
 
-	$username = pun_trim($_POST['req_user']);
-	$email1 = strtolower(pun_trim($_POST['req_email1']));
+	$username = trim($request->posStr('req_user'));
+	$email1 = strtolower(trim($request->postStr('req_email1')));
 
 	if ($pun_config['o_regs_verify'] == '1')
 	{
-		$email2 = strtolower(pun_trim($_POST['req_email2']));
+		$email2 = strtolower(trim($request->posStr('req_email2')));
 
 		$password1 = random_pass(12);
 		$password2 = $password1;
 	}
 	else
 	{
-		$password1 = pun_trim($_POST['req_password1']);
-		$password2 = pun_trim($_POST['req_password2']);
+		$password1 = trim($request->postStr('req_password1'));
+		$password2 = trim($request->postStr('req_password2'));
 	}
 
 	// Validate username and passwords
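Review bot: `posStr` on the `req_user` line, and again on `req_email2`, looks like a typo for `postStr`, which the neighbouring lines use. Unless the Request class really defines both names, the first submitted registration form would stop on a call to an undefined method; the lines should read `$username = trim($request->postStr('req_user'));` and `$email2 = strtolower(trim($request->postStr('req_email2')));`. Separately, `pun_trim()` is replaced by plain `trim()` throughout this hunk. `pun_trim()` is not shown here, so if it stripped more than ASCII whitespace, confirm that the username and e-mail validation below still sees the same normalised input.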
@@ -131,22 +132,22 @@ if (isset($_POST['form_sent']))
 	}
 
 	// Make sure we got a valid language string
-	if (isset($_POST['language']))
+	if ($request->isPost('language'))
 	{
-		$language = preg_replace('%[\.\\\/]%', '', $_POST['language']);
+		$language = preg_replace('%[\.\\\/]%', '', $request->postStr('language', ''));
 		if (!file_exists(PUN_ROOT.'lang/'.$language.'/common.php'))
 			message($lang_common['Bad request'], false, '404 Not Found');
 	}
 	else
 		$language = $pun_config['o_default_lang'];
 
-	$timezone = round($_POST['timezone'], 1);
+	$timezone = round($request->postStr('timezone', 0), 1);
 	// мод запоминания пароля - Visman
-	$save_pass = isset($_POST['save_pass']) ? $_POST['save_pass'] : '0';
+	$save_pass = $request->isPost('save_pass') ? 1 : 0; //????
 
-	$dst = isset($_POST['dst']) ? '1' : '0';
+	$dst = $request->isPost('dst') ? '1' : '0'; //????
 
-	$email_setting = intval($_POST['email_setting']);
+	$email_setting = $request->postInt('email_setting');
 	if ($email_setting < 0 || $email_setting > 2)
 		$email_setting = $pun_config['o_default_email_setting'];
 
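Review bot: `round($request->postStr('timezone', 0), 1)` passes a string getter's result straight to `round()`, with an integer default, so a non-numeric `timezone` field reaches the arithmetic uncast. An explicit cast makes the intent clear, `$timezone = round((float) $request->postStr('timezone', '0'), 1);`, and since no range check is visible in this hunk, one may be worth adding before the value is stored. The `//????` markers on `save_pass` and `dst` flag a real change: `save_pass` used to carry the posted value and is now `1` for any value that is merely present, which lengthens the login cookie lifetime for a request that sends `save_pass=0`. The enclosing `form_sent` block starts and ends outside this hunk.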
@@ -259,7 +260,7 @@ if (isset($_POST['form_sent']))
 			message($lang_register['Reg email'].' <a href="mailto:'.pun_htmlspecialchars($pun_config['o_admin_email']).'">'.pun_htmlspecialchars($pun_config['o_admin_email']).'</a>.', true);
 		}
 
-		pun_setcookie($new_uid, $password_hash, ($save_pass == '1') ? time() + 1209600 : time() + $pun_config['o_timeout_visit']); // мод запоминания пароля - Visman
+		pun_setcookie($new_uid, $password_hash, $save_pass === 1 ? time() + 1209600 : time() + $pun_config['o_timeout_visit']); // мод запоминания пароля - Visman
 		
 		// удаляем из онлайн таблицы запись для этого пользователя для правильного подсчета макс. кол-во пользователей - Visman
 		$db->query('DELETE FROM '.$db->prefix.'online WHERE ident=\''.$db->escape(get_remote_address()).'\'') or error('Unable to delete from online list', __FILE__, __LINE__, $db->error());
@@ -321,7 +322,7 @@ if (!empty($errors))
 					<legend><?php echo $lang_register['Username legend'] ?></legend>
 					<div class="infldset">
 						<input type="hidden" name="form_sent" value="1" />
-						<label class="required"><strong><?php echo $lang_common['Username'] ?> <span><?php echo $lang_common['Required'] ?></span></strong><br /><input type="text" name="req_user" value="<?php if (isset($_POST['req_user'])) echo pun_htmlspecialchars($_POST['req_user']); ?>" size="25" maxlength="25" /><br /></label>
+						<label class="required"><strong><?php echo $lang_common['Username'] ?> <span><?php echo $lang_common['Required'] ?></span></strong><br /><input type="text" name="req_user" value="<?php if ($request->isPost('req_user')) echo pun_htmlspecialchars($request->postStr('req_user', '')); ?>" size="25" maxlength="25" /><br /></label>
 					</div>
 				</fieldset>
 			</div>
@@ -329,8 +330,8 @@ if (!empty($errors))
 				<fieldset>
 					<legend><?php echo $lang_register['Pass legend'] ?></legend>
 					<div class="infldset">
-						<label class="conl required"><strong><?php echo $lang_common['Password'] ?> <span><?php echo $lang_common['Required'] ?></span></strong><br /><input type="password" name="req_password1" value="<?php if (isset($_POST['req_password1'])) echo pun_htmlspecialchars($_POST['req_password1']); ?>" size="16" /><br /></label>
-						<label class="conl required"><strong><?php echo $lang_prof_reg['Confirm pass'] ?> <span><?php echo $lang_common['Required'] ?></span></strong><br /><input type="password" name="req_password2" value="<?php if (isset($_POST['req_password2'])) echo pun_htmlspecialchars($_POST['req_password2']); ?>" size="16" /><br /></label>
+						<label class="conl required"><strong><?php echo $lang_common['Password'] ?> <span><?php echo $lang_common['Required'] ?></span></strong><br /><input type="password" name="req_password1" value="<?php if ($request->isPost('req_password1')) echo pun_htmlspecialchars($request->postStr('req_password1', '')); ?>" size="16" /><br /></label>
+						<label class="conl required"><strong><?php echo $lang_prof_reg['Confirm pass'] ?> <span><?php echo $lang_common['Required'] ?></span></strong><br /><input type="password" name="req_password2" value="<?php if ($request->isPost('req_password2')) echo pun_htmlspecialchars($request->postStr('req_password2', '')); ?>" size="16" /><br /></label>
 						<p class="clearb"><?php echo $lang_register['Pass info'] ?></p>
 					</div>
 				</fieldset>
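Review bot: Both password inputs still write the submitted password back into their `value` attribute when the form is re-rendered after a validation error. That puts the clear-text password into the response body, where page caches, proxies or saved copies of the page can retain it. Since these two lines are being rewritten anyway, the usual hardening is to drop the echo and render the fields empty, e.g. `<input type="password" name="req_password1" size="16" />`, so the user retypes the password on redisplay.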
@@ -341,9 +342,9 @@ if (!empty($errors))
 					<div class="infldset">
 <?php if ($pun_config['o_regs_verify'] == '1'): ?>						<p><?php echo $lang_register['Email info'] ?></p>
 <?php endif; ?>						<label class="required"><strong><?php echo $lang_common['Email'] ?> <span><?php echo $lang_common['Required'] ?></span></strong><br />
-						<input type="text" name="req_email1" value="<?php if (isset($_POST['req_email1'])) echo pun_htmlspecialchars($_POST['req_email1']); ?>" size="50" maxlength="80" /><br /></label>
+						<input type="text" name="req_email1" value="<?php if ($request->isPost('req_email1')) echo pun_htmlspecialchars($request->postStr('req_email1', '')); ?>" size="50" maxlength="80" /><br /></label>
 <?php if ($pun_config['o_regs_verify'] == '1'): ?>						<label class="required"><strong><?php echo $lang_register['Confirm email'] ?> <span><?php echo $lang_common['Required'] ?></span></strong><br />
-						<input type="text" name="req_email2" value="<?php if (isset($_POST['req_email2'])) echo pun_htmlspecialchars($_POST['req_email2']); ?>" size="50" maxlength="80" /><br /></label>
+						<input type="text" name="req_email2" value="<?php if ($request->isPost('req_email2')) echo pun_htmlspecialchars($request->postStr('req_email2', '')); ?>" size="50" maxlength="80" /><br /></label>
 <?php endif; ?>					</div>
 				</fieldset>
 			</div>
@@ -442,7 +443,7 @@ if (!empty($errors))
 						</div>
 <?php if ($pun_config['o_regs_verify'] == '0'): ?>						<p><?php echo $lang_prof_reg['Save user/pass info'] ?></p>
 						<div class="rbox">
-							<label><input type="checkbox" name="save_pass" value="1"<?php if (isset($save_pass) && $save_pass == '1') echo ' checked="checked"' ?> /><?php echo $lang_prof_reg['Save user/pass'] ?><br /></label>
+							<label><input type="checkbox" name="save_pass" value="1"<?php if ($save_pass === 1) echo ' checked="checked"' ?> /><?php echo $lang_prof_reg['Save user/pass'] ?><br /></label>
 						</div>
 <?php endif; ?>					</div>
 				</fieldset>
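Review bot: Dropping the `isset($save_pass)` guard makes this template read `$save_pass` on the first, non-POST render of the form. The only assignment visible in this commit (`$save_pass = $request->isPost('save_pass') ? 1 : 0;`) appears to sit inside the `form_sent` branch, so on that render the variable would be undefined. Keep the guard with the new strict comparison: `<?php if (isset($save_pass) && $save_pass === 1) echo ' checked="checked"' ?>`. Alternatively, initialise `$save_pass = 0;` before the `form_sent` block.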

+ 39 - 37
search.php

@@ -16,48 +16,50 @@ require PUN_ROOT.'include/common.php';
 require PUN_ROOT.'lang/'.$pun_user['language'].'/search.php';
 require PUN_ROOT.'lang/'.$pun_user['language'].'/forum.php';
 
+$request = $container->get('Request');
+$action = $request->isGet('action');
 
 if ($pun_user['g_read_board'] == '0')
 	message($lang_common['No view'], false, '403 Forbidden');
 else if ($pun_user['g_search'] == '0')
 	message($lang_search['No search permission'], false, '403 Forbidden');
-else if ($pun_user['is_bot'] && (isset($_GET['search_id']) || !isset($_GET['action']) || $_GET['action'] == 'search')) // Visman - запрет поиска ботам
+else if ($pun_user['is_bot'] && ($request->isGet('search_id') || empty($action) || $action === 'search')) // Visman - запрет поиска ботам
 	message($lang_search['No search permission'], false, '403 Forbidden');
 
 require PUN_ROOT.'include/search_idx.php';
 
 // Figure out what to do :-)
-if (isset($_GET['action']) || isset($_GET['search_id']))
+if (! empty($action) || $request->isGet('search_id'))
 {
 	// search HL - Visman
 	$array_shl = array();
 	$url_shl = '';
 	// search HL - Visman
 
-	$action = (isset($_GET['action'])) ? $_GET['action'] : null;
-	$forums = isset($_GET['forums']) ? (is_array($_GET['forums']) ? $_GET['forums'] : array_filter(explode(',', $_GET['forums']))) : ((isset($_GET['forum']) && isset($sf_array_asc[$_GET['forum']])) ? $sf_array_asc[$_GET['forum']] : array()); // MOD subforums - Visman
-	$sort_dir = (isset($_GET['sort_dir']) && $_GET['sort_dir'] == 'DESC') ? 'DESC' : 'ASC';
+    //????
+	$forums = $request->isGet('forums') ? (is_array($request->get('forums')) ? $request->get('forums') : array_filter(explode(',', $request->get('forums')))) : (isset($sf_array_asc[$request->getInt('forum', -1)]) ? $sf_array_asc[$request->getInt('forum')] : array()); // MOD subforums - Visman
+	$sort_dir = $request->getStr('sort_dir') === 'DESC' ? 'DESC' : 'ASC';
 
 	$forums = array_map('intval', $forums);
 
 	// Allow the old action names for backwards compatibility reasons
-	if ($action == 'show_user')
+	if ($action === 'show_user')
 		$action = 'show_user_posts';
-	else if ($action == 'show_24h')
+	else if ($action === 'show_24h')
 		$action = 'show_recent';
 
 	// If a search_id was supplied
-	if (isset($_GET['search_id']))
+	if ($request->isGet('search_id'))
 	{
-		$search_id = intval($_GET['search_id']);
+		$search_id = $request->getInt('search_id', 0);
 		if ($search_id < 1)
 			message($lang_common['Bad request'], false, '404 Not Found');
 	}
 	// If it's a regular search (keywords and/or author)
-	else if ($action == 'search')
+	else if ($action === 'search')
 	{
-		$keywords = (isset($_GET['keywords'])) ? utf8_strtolower(pun_trim($_GET['keywords'])) : null;
-		$author = (isset($_GET['author'])) ? utf8_strtolower(pun_trim($_GET['author'])) : null;
+		$keywords = utf8_strtolower(trim($request->getStr('keywords')));
+		$author = utf8_strtolower(trim($request->getStr('author')));
 
 		if (preg_match('%^[\*\%]+$%', $keywords) || (pun_strlen(str_replace(array('*', '%'), '', $keywords)) < PUN_SEARCH_MIN_WORD && !is_cjk($keywords)))
 			$keywords = '';
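Review bot: `$action = $request->isGet('action');` stores the result of what every other call site in this commit uses as a presence test (`if ($request->isGet('cancel'))`, `$request->isGet('search_id')`), so `$action` is presumably a boolean rather than the action name. If so, the strict comparisons introduced here (`$action === 'search'`, `$action === 'show_user'`, and so on) can never match, and any request carrying `action=` would fall through to the Bad request branch in the next hunk. The bot restriction `empty($action) || $action === 'search'` would also stop matching `action=search`. The value should be read with the string getter: `$action = $request->getStr('action');`. The enclosing `if` block continues outside this hunk.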
@@ -71,39 +73,39 @@ if (isset($_GET['action']) || isset($_GET['search_id']))
 		if ($author)
 			$author = str_replace('*', '%', $author);
 
-		$show_as = (isset($_GET['show_as']) && $_GET['show_as'] == 'topics') ? 'topics' : 'posts';
-		$sort_by = (isset($_GET['sort_by'])) ? intval($_GET['sort_by']) : 0;
-		$search_in = (!isset($_GET['search_in']) || $_GET['search_in'] == '0') ? 0 : (($_GET['search_in'] == '1') ? 1 : -1);
+		$show_as = $request->getStr('show_as') === 'topics' ? 'topics' : 'posts';
+		$sort_by = $request->getInt('sort_by', 0);
+		$search_in = min(max($request->getInt('search_in', 0), 1), -1);
 	}
 	// If it's a user search (by ID)
-	else if ($action == 'show_user_posts' || $action == 'show_user_topics' || $action == 'show_subscriptions')
+	else if ($action === 'show_user_posts' || $action === 'show_user_topics' || $action === 'show_subscriptions')
 	{
-		$user_id = (isset($_GET['user_id'])) ? intval($_GET['user_id']) : $pun_user['id'];
+		$user_id = $request->getInt('user_id', $pun_user['id']);
 		if ($user_id < 2)
 			message($lang_common['Bad request'], false, '404 Not Found');
 
 		// Subscribed topics can only be viewed by admins, moderators and the users themselves
-		if ($action == 'show_subscriptions' && !$pun_user['is_admmod'] && $user_id != $pun_user['id'])
+		if ($action === 'show_subscriptions' && !$pun_user['is_admmod'] && $user_id != $pun_user['id'])
 			message($lang_common['No permission'], false, '403 Forbidden');
 	}
 	// MOD warnings - Visman
-	else if ($action == 'show_user_warn')
+	else if ($action === 'show_user_warn')
 	{
 		if ($pun_user['is_guest'])
 			message($lang_common['No permission'], false, '403 Forbidden');
 
-		$user_id = (isset($_GET['user_id'])) ? intval($_GET['user_id']) : $pun_user['id'];
+		$user_id = $request->getInt('user_id', $pun_user['id']);
 		if ($user_id < 2)
 			message($lang_common['Bad request'], false, '404 Not Found');
 	}
-	else if ($action == 'show_recent')
-		$interval = isset($_GET['value']) ? intval($_GET['value']) : 86400;
-	else if ($action == 'show_replies')
+	else if ($action === 'show_recent')
+		$interval = $request->getInt('value', 86400);
+	else if ($action === 'show_replies')
 	{
 		if ($pun_user['is_guest'])
 			message($lang_common['Bad request'], false, '404 Not Found');
 	}
-	else if ($action != 'show_new' && $action != 'show_unanswered')
+	else if ($action !== 'show_new' && $action !== 'show_unanswered')
 		message($lang_common['Bad request'], false, '404 Not Found');
 
 
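Review bot: `$search_in = min(max($request->getInt('search_in', 0), 1), -1);` always evaluates to `-1`, because `max(..., 1)` is at least 1 and `min(that, -1)` is then -1. The removed line mapped a missing or `0` value to 0, `1` to 1, and anything else to -1, so the default and the `search_in=1` case are both lost. A clamp cannot express that mapping; read the integer and test it instead: `$search_in = $request->getInt('search_in', 0);` followed by `if ($search_in !== 0 && $search_in !== 1) $search_in = -1;`.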
@@ -308,7 +310,7 @@ if (isset($_GET['action']) || isset($_GET['search_id']))
 			if ($author && $keywords)
 			{
 				$search_ids = array_intersect_assoc($keyword_results, $author_results);
-				$search_type = array('both', array($keywords, pun_trim($_GET['author'])), implode(',', $forums), $search_in);
+				$search_type = array('both', array($keywords, trim($request->getStr('author'))), implode(',', $forums), $search_in);
 			}
 			else if ($keywords)
 			{
@@ -318,7 +320,7 @@ if (isset($_GET['action']) || isset($_GET['search_id']))
 			else
 			{
 				$search_ids = $author_results;
-				$search_type = array('author', pun_trim($_GET['author']), implode(',', $forums), $search_in);
+				$search_type = array('author', trim($request->getStr('author')), implode(',', $forums), $search_in);
 			}
 
 			unset($keyword_results, $author_results);
@@ -334,7 +336,7 @@ if (isset($_GET['action']) || isset($_GET['search_id']))
 			if (!$num_hits)
 				message($lang_search['No hits']);
 		}
-		else if ($action == 'show_new' || $action == 'show_recent' || $action == 'show_replies' || $action == 'show_user_posts' || $action == 'show_user_topics' || $action == 'show_subscriptions' || $action == 'show_unanswered')
+		else if ($action === 'show_new' || $action === 'show_recent' || $action === 'show_replies' || $action === 'show_user_posts' || $action === 'show_user_topics' || $action === 'show_subscriptions' || $action === 'show_unanswered')
 		{
 			$search_type = array('action', $action);
 			$show_as = 'topics';
@@ -343,28 +345,28 @@ if (isset($_GET['action']) || isset($_GET['search_id']))
 			$sort_dir = 'DESC';
 
 			// If it's a search for new posts since last visit
-			if ($action == 'show_new')
+			if ($action === 'show_new')
 			{
 				if ($pun_user['is_guest'])
 					message($lang_common['No permission'], false, '403 Forbidden');
 
-				$result = $db->query('SELECT t.id FROM '.$db->prefix.'topics AS t LEFT JOIN '.$db->prefix.'forum_perms AS fp ON (fp.forum_id=t.forum_id AND fp.group_id='.$pun_user['g_id'].') WHERE (fp.read_forum IS NULL OR fp.read_forum=1) AND t.last_post>'.$pun_user['last_visit'].' AND t.moved_to IS NULL'.(isset($_GET['fid']) ? (isset($sf_array_asc[$_GET['fid']]) ? ' AND t.forum_id IN ('.implode(',', $sf_array_asc[$_GET['fid']]).')' : ' AND t.forum_id='.intval($_GET['fid'])) : '').' ORDER BY t.last_post DESC') or error('Unable to fetch topic list', __FILE__, __LINE__, $db->error()); // MOD subforums - Visman
+				$result = $db->query('SELECT t.id FROM '.$db->prefix.'topics AS t LEFT JOIN '.$db->prefix.'forum_perms AS fp ON (fp.forum_id=t.forum_id AND fp.group_id='.$pun_user['g_id'].') WHERE (fp.read_forum IS NULL OR fp.read_forum=1) AND t.last_post>'.$pun_user['last_visit'].' AND t.moved_to IS NULL'.($request->isGet('fid') ? (isset($sf_array_asc[$request->getInt('fid', -1)]) ? ' AND t.forum_id IN ('.implode(',', $sf_array_asc[$request->getInt('fid', -1)]).')' : ' AND t.forum_id='.$request->getInt('fid', 0)) : '').' ORDER BY t.last_post DESC') or error('Unable to fetch topic list', __FILE__, __LINE__, $db->error()); // MOD subforums - Visman
 				$num_hits = $db->num_rows($result);
 
 				if (!$num_hits)
 					message($lang_search['No new posts']);
 			}
 			// If it's a search for recent posts (in a certain time interval)
-			else if ($action == 'show_recent')
+			else if ($action === 'show_recent')
 			{
-				$result = $db->query('SELECT t.id FROM '.$db->prefix.'topics AS t LEFT JOIN '.$db->prefix.'forum_perms AS fp ON (fp.forum_id=t.forum_id AND fp.group_id='.$pun_user['g_id'].') WHERE (fp.read_forum IS NULL OR fp.read_forum=1) AND t.last_post>'.(time() - $interval).' AND t.moved_to IS NULL'.(isset($_GET['fid']) ? (isset($sf_array_asc[$_GET['fid']]) ? ' AND t.forum_id IN ('.implode(',', $sf_array_asc[$_GET['fid']]).')' : ' AND t.forum_id='.intval($_GET['fid'])) : '').' ORDER BY t.last_post DESC') or error('Unable to fetch topic list', __FILE__, __LINE__, $db->error()); // MOD subforums - Visman
+				$result = $db->query('SELECT t.id FROM '.$db->prefix.'topics AS t LEFT JOIN '.$db->prefix.'forum_perms AS fp ON (fp.forum_id=t.forum_id AND fp.group_id='.$pun_user['g_id'].') WHERE (fp.read_forum IS NULL OR fp.read_forum=1) AND t.last_post>'.(time() - $interval).' AND t.moved_to IS NULL'.($request->isGet('fid') ? (isset($sf_array_asc[$request->getInt('fid', -1)]) ? ' AND t.forum_id IN ('.implode(',', $sf_array_asc[$request->getInt('fid', -1)]).')' : ' AND t.forum_id='.$request->getInt('fid', 0)) : '').' ORDER BY t.last_post DESC') or error('Unable to fetch topic list', __FILE__, __LINE__, $db->error()); // MOD subforums - Visman
 				$num_hits = $db->num_rows($result);
 
 				if (!$num_hits)
 					message($lang_search['No recent posts']);
 			}
 			// If it's a search for topics in which the user has posted
-			else if ($action == 'show_replies')
+			else if ($action === 'show_replies')
 			{
 				$result = $db->query('SELECT t.id FROM '.$db->prefix.'topics AS t INNER JOIN '.$db->prefix.'posts AS p ON t.id=p.topic_id LEFT JOIN '.$db->prefix.'forum_perms AS fp ON (fp.forum_id=t.forum_id AND fp.group_id='.$pun_user['g_id'].') WHERE (fp.read_forum IS NULL OR fp.read_forum=1) AND p.poster_id='.$pun_user['id'].' GROUP BY t.id'.($container->getParameter('DB_TYPE') == 'pgsql' ? ', t.last_post' : '').' ORDER BY t.last_post DESC') or error('Unable to fetch topic list', __FILE__, __LINE__, $db->error());
 				$num_hits = $db->num_rows($result);
@@ -373,7 +375,7 @@ if (isset($_GET['action']) || isset($_GET['search_id']))
 					message($lang_search['No user posts']);
 			}
 			// If it's a search for posts by a specific user ID
-			else if ($action == 'show_user_posts')
+			else if ($action === 'show_user_posts')
 			{
 				$show_as = 'posts';
 
@@ -387,7 +389,7 @@ if (isset($_GET['action']) || isset($_GET['search_id']))
 				$search_type[2] = $user_id;
 			}
 			// If it's a search for topics by a specific user ID
-			else if ($action == 'show_user_topics')
+			else if ($action === 'show_user_topics')
 			{
 				$result = $db->query('SELECT t.id FROM '.$db->prefix.'topics AS t INNER JOIN '.$db->prefix.'posts AS p ON t.first_post_id=p.id LEFT JOIN '.$db->prefix.'forum_perms AS fp ON (fp.forum_id=t.forum_id AND fp.group_id='.$pun_user['g_id'].') WHERE (fp.read_forum IS NULL OR fp.read_forum=1) AND p.poster_id='.$user_id.' ORDER BY t.last_post DESC') or error('Unable to fetch user topics', __FILE__, __LINE__, $db->error());
 				$num_hits = $db->num_rows($result);
@@ -399,7 +401,7 @@ if (isset($_GET['action']) || isset($_GET['search_id']))
 				$search_type[2] = $user_id;
 			}
 			// If it's a search for subscribed topics
-			else if ($action == 'show_subscriptions')
+			else if ($action === 'show_subscriptions')
 			{
 				if ($pun_user['is_guest'])
 					message($lang_common['Bad request'], false, '404 Not Found');
@@ -430,7 +432,7 @@ if (isset($_GET['action']) || isset($_GET['search_id']))
 			$db->free_result($result);
 		}
 		// MOD warnings - Visman
-		else if ($action == 'show_user_warn')
+		else if ($action === 'show_user_warn')
 		{
 			$sort_by = 9;
 			$show_as = 'posts';
@@ -529,7 +531,7 @@ if (isset($_GET['action']) || isset($_GET['search_id']))
 		$per_page = ($show_as == 'posts') ? $pun_user['disp_posts'] : $pun_user['disp_topics'];
 		$num_pages = ceil($num_hits / $per_page);
 
-		$p = (!isset($_GET['p']) || $_GET['p'] <= 1 || $_GET['p'] > $num_pages) ? 1 : intval($_GET['p']);
+		$p = max(min($request->getInt('p', 1), $num_pages), 1);
 		$start_from = $per_page * ($p - 1);
 
 		// Generate paging links

+ 12 - 10
upfiles.php

@@ -5,7 +5,7 @@
  * License: http://www.gnu.org/licenses/gpl.html GPL version 2 or higher
  */
 
-if (isset($_GET['delete']))
+if (isset($_GET['delete'])) //????
 	define('PUN_QUIET_VISIT', 1);
 
 define('PUN_ROOT', dirname(__FILE__).'/');
@@ -22,7 +22,9 @@ require PUN_ROOT.'include/upload.php';
 define('PLUGIN_REF', pun_htmlspecialchars('upfiles.php'));
 define('PLUGIN_NF', 25);
 
-if (!isset($_GET['id']))
+$request = $container->get('Request');
+
+if (! $request->isGet('id'))
 {
 	$id = $pun_user['id'];
 
@@ -38,7 +40,7 @@ if (!isset($_GET['id']))
 }
 else
 {
-	$id = intval($_GET['id']);
+	$id = $request->getInt('id', 0);
 	if ($id < 2 || ($pun_user['g_id'] != PUN_ADMIN && $id != $pun_user['id']))
 		message($lang_common['Bad request'], false, '404 Not Found');
 		
@@ -67,7 +69,7 @@ $extsup = explode(',', $extsup.','.strtoupper($extsup));
 // #############################################################################
 
 // Удаление файлов
-if (isset($_GET['delete']))
+if ($request->isGet('delete'))
 {
 	confirm_referrer(PLUGIN_REF);
 
@@ -75,7 +77,7 @@ if (isset($_GET['delete']))
 
 	if (is_dir(PUN_ROOT.$dir))
 	{
-		$file = parse_file(pun_trim($_GET['delete']));
+		$file = parse_file(trim($request->getStr('delete')));
 		$ext = strtolower(substr(strrchr($file, '.'), 1)); // берем расширение файла
 		if ($file[0] != '.' && $ext != '' && !in_array($ext, $extforno) && is_file(PUN_ROOT.$dir.$file))
 		{
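Review bot: The condition indexes `$file[0]` before checking that `$file` is non-empty, so an empty `delete=` parameter, or an empty result from `parse_file()`, reads offset 0 of an empty string. Putting a length test first keeps the rejection path clean: `if ($file !== '' && $file[0] != '.' && $ext != '' && !in_array($ext, $extforno) && is_file(PUN_ROOT.$dir.$file))`. This name comes from the query string and selects a file to delete, and `parse_file()` is not visible here, so confirm that it strips directory separators now that the input arrives through `trim($request->getStr('delete'))` rather than `pun_trim()`. The body of this `if` continues outside the hunk.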
@@ -97,7 +99,7 @@ if (isset($_GET['delete']))
 	else
 		$error++;
 
-	if (isset($_GET['ajx']))
+	if ($request->isGet('ajx'))
 	{
 		$db->end_transaction();
 		$db->close();
@@ -116,7 +118,7 @@ if (isset($_GET['delete']))
 		$pun_config['o_redirect_delay'] = 5;
 		$s = $lang_up['Error'].$lang_up['Error delete'];
 	}
-	redirect(empty($_GET['p']) || $_GET['p'] < 2 ? PLUGIN_URL : PLUGIN_URLD.'p='.intval($_GET['p']).'#gofile', $s);
+	redirect($request->getInt('p', 0) < 2 ? PLUGIN_URL : PLUGIN_URLD . 'p=' . $request->getInt('p', 0) . '#gofile', $s);
 }
 
 // Загрузка файла
@@ -243,7 +245,7 @@ else if (isset($_FILES['upfile']) && $id == $pun_user['id'])
 }
 
 // Unknown failure
-else if (!empty($_POST))
+else if (!empty($_POST)) //????
 	redirect(PLUGIN_URL, $lang_up['Error'].$lang_up['Unknown failure']);
 
 // #############################################################################
@@ -325,7 +327,7 @@ if (is_dir(PUN_ROOT.$dir))
 	if (!empty($filesvar))
 	{
 		$num_pages = ceil(sizeof($filesvar) / PLUGIN_NF);
-		$p = (!isset($_GET['p']) || $_GET['p'] <= 1) ? 1 : intval($_GET['p']);
+		$p = max($request->getInt('p', 1), 1);
 		if ($p > $num_pages)
 		{
 			header('Location: '.str_replace('&amp;', '&', PLUGIN_URLD).'p='.$num_pages.'#gofile');
@@ -401,7 +403,7 @@ else
 								</a>
 							</div>
 							<div class="upf-size"><span><?php echo pun_htmlspecialchars($size_file) ?></span></div>
-							<div class="upf-but upf-delete"><a title="<?php echo $lang_up['delete'] ?>" href="<?php echo PLUGIN_URLD.'csrf_hash='.$vcsrf.(empty($_GET['p']) || $_GET['p'] < 2 ? '' : '&amp;p='.intval($_GET['p'])).'&amp;delete='.$f ?>" onclick="return FluxBB.upfile.del(this);"><span></span></a></div>
+							<div class="upf-but upf-delete"><a title="<?php echo $lang_up['delete'] ?>" href="<?php echo PLUGIN_URLD.'csrf_hash='.$vcsrf.($request->getInt('p', 0) < 2 ? '' : '&amp;p='.$request->getInt('p', 0)).'&amp;delete='.$f ?>" onclick="return FluxBB.upfile.del(this);"><span></span></a></div>
 						</li>
 <?php